SunTrust Employee May Have Stolen Info Of 1.5 Million Clients

SunTrust Banks said last week that a former employee may have downloaded the information of 1.5 million clients in an attempt to share the data with a third-party.

Rob Crandall / Shutterstock.com

The stolen information likely included names, addresses, phone numbers and account balances, according to SunTrust’s release. But it appears that personally identifying information like social security numbers, account numbers, PINs, user IDs, driver’s license information, and passwords were not taken.

SunTrust Chief Executive Officer William Rogers disclosed the incident during a post-earnings call with analysts on Friday, Reuters reports. Rogers said the download attempt occurred six to eight weeks ago, and also said that no significant fraudulent activity was identified.

SunTrust has reportedly declined to disclose both the location of the branch where the employee attempted to steal data, and the identity of the “criminal” third-party with which the employee was trying to connect.

It appears as if SunTrust and its customers may have dodged a bullet in this case, as the company believes the stolen info never left the bank. Despite this, SunTrust is still offering a free identity protection service to its customers for free “on an ongoing basis.” SunTrust clients can enroll on the bank’s website.

Breach, Not A Breach — Does It Matter?

Rogers also claimed this was not a data breach, “adding the employee was not authorized to get that level of information,” as Reuters noted. It’s unclear, however, if “that level of information” is referring to the names and account balances, or the other information that wasn’t accessed.

There’s been a bit of a debate recently on what actually constitutes a data breach, but clients won’t exactly feel more secure if their information is leaked just because a “breach” doesn’t meet some established definition. This incident also illustrates how it can be tough to account for the human element — a malicious actor within the system.

SunTrust said it would be notifying customers who may have been affected by the incident.

Subscribe Today!

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.